tests/session_management.rs at daa358e7fd22e011dd58ec59617018ffa740c579 · lewis.moe/bspds-sandbox

lewis.moe / bspds-sandbox
this repo has no description
bspds-sandbox / tests / session_management.rs
at daa358e7fd22e011dd58ec59617018ffa740c579 8.1 kB view raw
  1mod common;
  2mod helpers;
  3use common::*;
  4use helpers::*;
  5use reqwest::StatusCode;
  6use serde_json::{Value, json};
  7
  8#[tokio::test]
  9async fn test_list_sessions_returns_current_session() {
 10    let client = client();
 11    let (did, jwt) = setup_new_user("list-sessions").await;
 12    let res = client
 13        .get(format!(
 14            "{}/xrpc/com.tranquil.account.listSessions",
 15            base_url().await
 16        ))
 17        .bearer_auth(&jwt)
 18        .send()
 19        .await
 20        .expect("Failed to send request");
 21    assert_eq!(res.status(), StatusCode::OK);
 22    let body: Value = res.json().await.unwrap();
 23    let sessions = body["sessions"]
 24        .as_array()
 25        .expect("sessions should be array");
 26    assert!(!sessions.is_empty(), "Should have at least one session");
 27    let current = sessions
 28        .iter()
 29        .find(|s| s["isCurrent"].as_bool() == Some(true));
 30    assert!(current.is_some(), "Should have a current session marked");
 31    let session = current.unwrap();
 32    assert!(session["id"].as_str().is_some(), "Session should have id");
 33    assert!(
 34        session["createdAt"].as_str().is_some(),
 35        "Session should have createdAt"
 36    );
 37    assert!(
 38        session["expiresAt"].as_str().is_some(),
 39        "Session should have expiresAt"
 40    );
 41    let _ = did;
 42}
 43
 44#[tokio::test]
 45async fn test_list_sessions_multiple_sessions() {
 46    let client = client();
 47    let ts = chrono::Utc::now().timestamp_millis();
 48    let handle = format!("multi-list-{}.test", ts);
 49    let email = format!("multi-list-{}@test.com", ts);
 50    let password = "Testpass123!";
 51    let create_payload = json!({
 52        "handle": handle,
 53        "email": email,
 54        "password": password
 55    });
 56    let create_res = client
 57        .post(format!(
 58            "{}/xrpc/com.atproto.server.createAccount",
 59            base_url().await
 60        ))
 61        .json(&create_payload)
 62        .send()
 63        .await
 64        .expect("Failed to create account");
 65    assert_eq!(create_res.status(), StatusCode::OK);
 66    let create_body: Value = create_res.json().await.unwrap();
 67    let did = create_body["did"].as_str().unwrap();
 68    let jwt1 = verify_new_account(&client, did).await;
 69    let login_payload = json!({
 70        "identifier": handle,
 71        "password": password
 72    });
 73    let login_res = client
 74        .post(format!(
 75            "{}/xrpc/com.atproto.server.createSession",
 76            base_url().await
 77        ))
 78        .json(&login_payload)
 79        .send()
 80        .await
 81        .expect("Failed to login");
 82    assert_eq!(login_res.status(), StatusCode::OK);
 83    let login_body: Value = login_res.json().await.unwrap();
 84    let jwt2 = login_body["accessJwt"].as_str().unwrap();
 85    let list_res = client
 86        .get(format!(
 87            "{}/xrpc/com.tranquil.account.listSessions",
 88            base_url().await
 89        ))
 90        .bearer_auth(jwt2)
 91        .send()
 92        .await
 93        .expect("Failed to list sessions");
 94    assert_eq!(list_res.status(), StatusCode::OK);
 95    let list_body: Value = list_res.json().await.unwrap();
 96    let sessions = list_body["sessions"].as_array().unwrap();
 97    assert!(
 98        sessions.len() >= 2,
 99        "Should have at least 2 sessions, got {}",
100        sessions.len()
101    );
102    let _ = jwt1;
103}
104
105#[tokio::test]
106async fn test_list_sessions_requires_auth() {
107    let client = client();
108    let res = client
109        .get(format!(
110            "{}/xrpc/com.tranquil.account.listSessions",
111            base_url().await
112        ))
113        .send()
114        .await
115        .expect("Failed to send request");
116    assert_eq!(res.status(), StatusCode::UNAUTHORIZED);
117}
118
119#[tokio::test]
120async fn test_revoke_session_success() {
121    let client = client();
122    let ts = chrono::Utc::now().timestamp_millis();
123    let handle = format!("revoke-sess-{}.test", ts);
124    let email = format!("revoke-sess-{}@test.com", ts);
125    let password = "Testpass123!";
126    let create_payload = json!({
127        "handle": handle,
128        "email": email,
129        "password": password
130    });
131    let create_res = client
132        .post(format!(
133            "{}/xrpc/com.atproto.server.createAccount",
134            base_url().await
135        ))
136        .json(&create_payload)
137        .send()
138        .await
139        .expect("Failed to create account");
140    assert_eq!(create_res.status(), StatusCode::OK);
141    let create_body: Value = create_res.json().await.unwrap();
142    let did = create_body["did"].as_str().unwrap();
143    let jwt1 = verify_new_account(&client, did).await;
144    let login_payload = json!({
145        "identifier": handle,
146        "password": password
147    });
148    let login_res = client
149        .post(format!(
150            "{}/xrpc/com.atproto.server.createSession",
151            base_url().await
152        ))
153        .json(&login_payload)
154        .send()
155        .await
156        .expect("Failed to login");
157    assert_eq!(login_res.status(), StatusCode::OK);
158    let login_body: Value = login_res.json().await.unwrap();
159    let jwt2 = login_body["accessJwt"].as_str().unwrap();
160    let list_res = client
161        .get(format!(
162            "{}/xrpc/com.tranquil.account.listSessions",
163            base_url().await
164        ))
165        .bearer_auth(jwt2)
166        .send()
167        .await
168        .expect("Failed to list sessions");
169    let list_body: Value = list_res.json().await.unwrap();
170    let sessions = list_body["sessions"].as_array().unwrap();
171    let other_session = sessions
172        .iter()
173        .find(|s| s["isCurrent"].as_bool() != Some(true));
174    assert!(
175        other_session.is_some(),
176        "Should have another session to revoke"
177    );
178    let session_id = other_session.unwrap()["id"].as_str().unwrap();
179    let revoke_res = client
180        .post(format!(
181            "{}/xrpc/com.tranquil.account.revokeSession",
182            base_url().await
183        ))
184        .bearer_auth(jwt2)
185        .json(&json!({"sessionId": session_id}))
186        .send()
187        .await
188        .expect("Failed to revoke session");
189    assert_eq!(revoke_res.status(), StatusCode::OK);
190    let list_after_res = client
191        .get(format!(
192            "{}/xrpc/com.tranquil.account.listSessions",
193            base_url().await
194        ))
195        .bearer_auth(jwt2)
196        .send()
197        .await
198        .expect("Failed to list sessions after revoke");
199    let list_after_body: Value = list_after_res.json().await.unwrap();
200    let sessions_after = list_after_body["sessions"].as_array().unwrap();
201    let revoked_still_exists = sessions_after
202        .iter()
203        .any(|s| s["id"].as_str() == Some(session_id));
204    assert!(
205        !revoked_still_exists,
206        "Revoked session should not appear in list"
207    );
208    let _ = jwt1;
209}
210
211#[tokio::test]
212async fn test_revoke_session_invalid_id() {
213    let client = client();
214    let (_, jwt) = setup_new_user("revoke-invalid").await;
215    let res = client
216        .post(format!(
217            "{}/xrpc/com.tranquil.account.revokeSession",
218            base_url().await
219        ))
220        .bearer_auth(&jwt)
221        .json(&json!({"sessionId": "not-a-number"}))
222        .send()
223        .await
224        .expect("Failed to send request");
225    assert_eq!(res.status(), StatusCode::BAD_REQUEST);
226}
227
228#[tokio::test]
229async fn test_revoke_session_not_found() {
230    let client = client();
231    let (_, jwt) = setup_new_user("revoke-notfound").await;
232    let res = client
233        .post(format!(
234            "{}/xrpc/com.tranquil.account.revokeSession",
235            base_url().await
236        ))
237        .bearer_auth(&jwt)
238        .json(&json!({"sessionId": "jwt:999999999"}))
239        .send()
240        .await
241        .expect("Failed to send request");
242    assert_eq!(res.status(), StatusCode::NOT_FOUND);
243}
244
245#[tokio::test]
246async fn test_revoke_session_requires_auth() {
247    let client = client();
248    let res = client
249        .post(format!(
250            "{}/xrpc/com.tranquil.account.revokeSession",
251            base_url().await
252        ))
253        .json(&json!({"sessionId": "1"}))
254        .send()
255        .await
256        .expect("Failed to send request");
257    assert_eq!(res.status(), StatusCode::UNAUTHORIZED);
258}